Message ID | 20250121105753.1817580-2-yury.khrustalev@arm.com |
---|---|
State | New |
Series | NEWS: Add note on Guarded Control Stack support |
In general this is of course ok for the release. See remark below. On Tuesday, 21 January 2025, 11:57:53 Central European Standard Time, Yury Khrustalev wrote: > --- > NEWS | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/NEWS b/NEWS > index b5f15148a0..79a55f3854 100644 > --- a/NEWS > +++ b/NEWS > @@ -74,6 +74,17 @@ Major new features: > which currently include 'node_id' and 'mm_cid' and will also allow exposing > new features as they get added to future Linux kernels. > > +* The GNU C Library now supports Guarded Control Stack extension that allows > + to use shadow stacks on AArch64 systems that support this extension. > + Building the library with standard branch protection enabled while using > + a toolchain that supports GCS (binutils 2.44 and GCC 15 or later), will > + enable GCS support in glibc. There is no special configuration flag. > + GCS-enabled glibc is compatible with all existing executables and shared > + libraries and will run with and without GCS support in the system. GCS is > + opt-in and can be controlled at runtime via the glibc.cpu.aarch64_gcs > + tunable, By default GCS is disabled. The readiness level of this feature > + is beta. It is intended for early testing and enablement. About the last two sentences ["The readiness"]... is this something we should write / usually write? It feels odd to me, and I'd suggest to just omit it. I mean, the feature is in a "stable" kernel and a "released" glibc, never mind that it's new - and a quick search didn't provide any similar qualifications in the NEWS file. > + > Deprecated and removed features, and other changes affecting compatibility: > > * The big-endian ARC port (arceb-linux-gnu) has been removed. >
On Tue, Jan 21, 2025 at 12:11:32PM +0100, Andreas K. Huettel wrote: > In general this is of course ok for the release. See remark below. > > On Tuesday, 21 January 2025, 11:57:53 Central European Standard Time, Yury Khrustalev wrote: > > --- > > NEWS | 11 +++++++++++ > > 1 file changed, 11 insertions(+) > > > > diff --git a/NEWS b/NEWS > > index b5f15148a0..79a55f3854 100644 > > --- a/NEWS > > +++ b/NEWS > > @@ -74,6 +74,17 @@ Major new features: > > which currently include 'node_id' and 'mm_cid' and will also allow exposing > > new features as they get added to future Linux kernels. > > > > +* The GNU C Library now supports Guarded Control Stack extension that allows > > + to use shadow stacks on AArch64 systems that support this extension. > > + Building the library with standard branch protection enabled while using > > + a toolchain that supports GCS (binutils 2.44 and GCC 15 or later), will > > + enable GCS support in glibc. There is no special configuration flag. > > + GCS-enabled glibc is compatible with all existing executables and shared > > + libraries and will run with and without GCS support in the system. GCS is > > + opt-in and can be controlled at runtime via the glibc.cpu.aarch64_gcs > > + tunable, By default GCS is disabled. The readiness level of this feature > > + is beta. It is intended for early testing and enablement. > > About the last two sentences ["The readiness"]... is this something we should > write / usually write? It feels odd to me, and I'd suggest to just omit > it. I mean, the feature is in a "stable" kernel and a "released" glibc, never > mind that it's new - and a quick search didn't provide any similar qualifications > in the NEWS file. Thank you for the feedback. Thinking about it, I agree that it's better to omit it. Kind regards, Yury
diff --git a/NEWS b/NEWS index b5f15148a0..79a55f3854 100644 --- a/NEWS +++ b/NEWS @@ -74,6 +74,17 @@ Major new features: which currently include 'node_id' and 'mm_cid' and will also allow exposing new features as they get added to future Linux kernels. +* The GNU C Library now supports Guarded Control Stack extension that allows + to use shadow stacks on AArch64 systems that support this extension. + Building the library with standard branch protection enabled while using + a toolchain that supports GCS (binutils 2.44 and GCC 15 or later), will + enable GCS support in glibc. There is no special configuration flag. + GCS-enabled glibc is compatible with all existing executables and shared + libraries and will run with and without GCS support in the system. GCS is + opt-in and can be controlled at runtime via the glibc.cpu.aarch64_gcs + tunable, By default GCS is disabled. The readiness level of this feature + is beta. It is intended for early testing and enablement. + Deprecated and removed features, and other changes affecting compatibility: * The big-endian ARC port (arceb-linux-gnu) has been removed.
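Review bot: The added entry says GCS "can be controlled at runtime via the glibc.cpu.aarch64_gcs tunable" but never states which values the tunable accepts or which one turns GCS on, so a reader who wants to opt in cannot do so from this text alone; list the accepted values or point to the tunables section of the manual. In the same sentence, "tunable, By default GCS is disabled." has a comma where a full stop is meant. The opening would read better as "now supports the Guarded Control Stack (GCS) extension, which allows the use of shadow stacks", which also introduces the abbreviation before "GCS" is used on its own a few lines later, and the comma between "(binutils 2.44 and GCC 15 or later)" and "will enable GCS support" should be dropped.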